ID

VAR-201710-1367


CVE

CVE-2017-7119


TITLE

Vulnerability in the IOFireWireFamily component of Apple macOS that bypasses memory read restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2017-009333

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. The IOFireWireFamily component of Apple macOS contains a vulnerability that bypasses memory read restrictions. An attacker could bypass memory read restrictions through a crafted application. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple for Mac computers. IOFireWireFamily is one of the FireWire interface drivers.

Trust: 1.98

sources: NVD: CVE-2017-7119 // JVNDB: JVNDB-2017-009333 // BID: 100993 // VULHUB: VHN-115322

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.12.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.8 or later 10.13

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.12.6

Trust: 0.6

vendor: apple, model: macos, scope: eq, version: 10.12.6

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.5

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.4

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.13

Trust: 0.3

sources: BID: 100993 // JVNDB: JVNDB-2017-009333 // CNNVD: CNNVD-201703-1091 // NVD: CVE-2017-7119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7119
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7119
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-1091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115322
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7119
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115322
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7119
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115322 // JVNDB: JVNDB-2017-009333 // CNNVD: CNNVD-201703-1091 // NVD: CVE-2017-7119

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-115322 // JVNDB: JVNDB-2017-009333 // NVD: CVE-2017-7119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1091

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1091

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009333

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208144, url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208144, url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

sources: JVNDB: JVNDB-2017-009333

EXTERNAL IDS

db: NVD, id: CVE-2017-7119

Trust: 2.8

db: BID, id: 100993

Trust: 1.4

db: SECTRACK, id: 1039427

Trust: 1.1

db: JVN, id: JVNVU99806334

Trust: 0.8

db: JVNDB, id: JVNDB-2017-009333

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1091

Trust: 0.7

db: VULHUB, id: VHN-115322

Trust: 0.1

sources: VULHUB: VHN-115322 // BID: 100993 // JVNDB: JVNDB-2017-009333 // CNNVD: CNNVD-201703-1091 // NVD: CVE-2017-7119

REFERENCES

url: https://support.apple.com/ht208144

Trust: 1.7

url: http://www.securityfocus.com/bid/100993

Trust: 1.1

url: http://www.securitytracker.com/id/1039427

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7119

Trust: 0.8

url: http://jvn.jp/vu/jvnvu99806334/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7119

Trust: 0.8

url: https://www.apple.com/

Trust: 0.3

url: http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-115322 // BID: 100993 // JVNDB: JVNDB-2017-009333 // CNNVD: CNNVD-201703-1091 // NVD: CVE-2017-7119

CREDITS

Daniel Jalkut of Red Sweater Software, Brandon Azad, Tim Kingman, Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX.

Trust: 0.3

sources: BID: 100993

SOURCES

db: VULHUB, id: VHN-115322
db: BID, id: 100993
db: JVNDB, id: JVNDB-2017-009333
db: CNNVD, id: CNNVD-201703-1091
db: NVD, id: CVE-2017-7119

LAST UPDATE DATE

2024-11-23T19:35:59.459000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115322, date: 2017-10-25T00:00:00
db: BID, id: 100993, date: 2017-09-25T00:00:00
db: JVNDB, id: JVNDB-2017-009333, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201703-1091, date: 2017-10-24T00:00:00
db: NVD, id: CVE-2017-7119, date: 2024-11-21T03:31:12.747

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115322, date: 2017-10-23T00:00:00
db: BID, id: 100993, date: 2017-09-25T00:00:00
db: JVNDB, id: JVNDB-2017-009333, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201703-1091, date: 2017-03-27T00:00:00
db: NVD, id: CVE-2017-7119, date: 2017-10-23T01:29:13.110